user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    index index.php
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log      /var/log/nginx/access.log main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    server_names_hash_bucket_size 128;

        #gzip  on;


    include /etc/nginx/sites-enabled.d/*.conf;

  server {
      listen 80;
      server_name {{ ec2_name_prefix|lower }}.{{ workshop_dns_zone|lower }};
      return 301 https://{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone|lower }}$request_uri;
  }
  server {
      root /usr/share/nginx/html;
      listen              443 ssl;
      server_name         {{ ec2_name_prefix|lower }}.{{ workshop_dns_zone|lower }};
      {% if issue_cert is not failed %}
      ssl_certificate     /etc/letsencrypt/live/{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone|lower }}/combined.cert;
      ssl_certificate_key /etc/letsencrypt/live/{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone|lower }}/privkey.pem;
      {% endif %}
      ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers         HIGH:!aNULL:!MD5;

    location ~ [^/]\.php(/|$) {
        include       /etc/nginx/mime.types;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        # Mitigate https://httpoxy.org/ vulnerabilities
        fastcgi_param HTTP_PROXY "";

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;

        # include the fastcgi_param setting
        include /etc/nginx/fastcgi_params;
    }
  }
}
